Susan Bradley

Contributing Writer

Susan Bradley has been patching since before the Code Red/Nimda days and remembers exactly where she was when SQL slammer hit (trying to buy something on eBay and wondering why the Internet was so slow). She writes the Patch Watch column for Askwoody.com, is a moderator on the PatchManagement.org listserve, and writes a column of Windows security tips for CSOonline.com. In real life, she’s the IT wrangler at her firm, Tamiyasu, Smith, Horn and Braun, where she manages a fleet of Windows servers, Microsoft 365 deployments, Azure instances, desktops, a few Macs, several iPads, a few Surface devices, several iPhones and tries to keep patches up to date on all of them. In addition, she provides forensic computer investigations for the litigation consulting arm of the firm. She blogs at https://www.askwoody.com/tag/patch-lady-posts/ and is on twitter at @sbsdiva. She lurks on Twitter and Facebook, so if you are on Facebook with her, she really did read what you posted. She has a SANS/GSEC certification in security and prefers Heavy Duty Reynolds wrap for her tinfoil hat.

Tips to improve domain password security in Active Directory

How to reset Kerberos account passwords in an Active Directory environment

How to reset Kerberos account passwords in an Active Directory environment

A regular reset of the KRBTGT account password will help prevent golden ticket attacks that allow wide unauthorized access to your network.

Microsoft 365 Defender updates bring a single portal view

Microsoft 365 Defender updates bring a single portal view

New Microsoft 365 Security Center allows you to more quickly assess threat risk and take action, but you need an E5 license.

How Azure Active Directory helps manage identity for remote users

How Azure Active Directory helps manage identity for remote users

Still using Active Directory to manage identity for remote workers? You might want to consider moving to Azure Active Directory.

The SolarWinds Senate hearing: 5 key takeaways for security admins

The SolarWinds Senate hearing: 5 key takeaways for security admins

Testimony by key security executives in the US Senate reveal how unprepared most organizations are for supply chain attacks. Here are the lessons security admins should learn from it.

How to patch Exchange Server for the Hafnium zero-day attack

How to patch Exchange Server for the Hafnium zero-day attack

Admins in many businesses report indicators of compromise from an Exchange zero-day vulnerability. Don't assume you're not a target. Investigate for signs of the attack and patch now.

How to protect Windows Remote Desktop deployments

How to protect Windows Remote Desktop deployments

Attackers gain access to your Windows network just as work-from-home employees do: remotely. Following these simple steps will send them looking for easier targets.

Microsoft 365 Advanced Audit: What you need to know

Microsoft 365 Advanced Audit: What you need to know

Microsoft's powerful new auditing options will help detect intrusions and see what was accessed...if you've paid for the right licenses.

The .NET patch failure that wasn’t

The .NET patch failure that wasn’t

This month’s patch updates from Microsoft have caused few problems, and though there were some issues related to .NET, even those have been scattered.

How to defend against OAuth-enabled cloud-based attacks

How to defend against OAuth-enabled cloud-based attacks

Use these settings in Microsoft Azure Active Directory to take control of user-requested OAuth access permissions.

How to harden Microsoft Edge against cyberattacks

How to harden Microsoft Edge against cyberattacks

Chromium-based Edge gives enterprises the opportunity to standardize on one browser. Here are the key security settings you need to know.

What you need to know about changes to Microsoft's Security Update Guide

What you need to know about changes to Microsoft's Security Update Guide

The Security Update Guide now aligns more closely with the CVSS, but sometimes lacks information needed to properly respond to a vulnerability report.

Load More